ThreatPress

WordPress Vulnerabilities Database

WordPress Work The Flow Plugin 1.2.1 - Arbitrary File Upload

Product
Work The Flow
Description
The Work The Flow plugin is prone to an arbitrary file upload vulnerability, triggered by submitting an image file via the wtf upload panel and intercepting the POST request to /wp-admin/admin-ajax.php.
Solution
Edit the data from the control "accept_file_types".
Classification
Type Arbitrary File Upload
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 1.2.1
Fixed In 1.2.2
Disclosure date
2014-04-24
Credits
nopesled